Cybersecurity Incident — Canvas

Portland State University was notified of a cybersecurity incident involving Instructure, the company that provides our Canvas online learning management system. PSU is one of many institutions nationwide that were potentially impacted.

The Instructure Incident Report indicates that potentially exposed information consists of certain user data such as names, email addresses, student ID numbers and messages among users. OIT is monitoring the situation very closely and will share additional, relevant information with the PSU community as it becomes available.

Here are a few important facts we want to share:

• There is no indication that passwords, dates of birth, government identification numbers or financial information were compromised.
• No Portland State University systems were compromised. This incident was entirely isolated to Instructure’s own corporate systems.
• According to Instructure, they quickly detected the unauthorized access and eliminated the attacker from their network.
• Canvas and all other PSU systems remain fully functional and are safe to continue using.

While no action is required from PSU faculty, staff, or students regarding the Instructure incident at this time, please be aware that attackers may use compromised data from this incident to target you with phishing emails in the future. OIT strongly recommends remaining vigilant through practices such as always verifying the source of an email before responding or following links, using complex and unique passwords on all of your accounts and using two-factor authentication.

Thank you for your patience as we wait for further updates from Instructure, the parent company of Canvas.